CVE-2026-39827
Essential information
- Published
- 22/05/2026 04:16
- Modified
- 22/05/2026 04:16
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| golang / ssh | cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:* |